> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/cyberark-entry-types.md). # CyberArk entry types {% hint style="info" %} CyberArk integrations require either Remote Desktop Manager Team edition or the \[Privileged access management solutions package]\() license. {% endhint %} All target system connections ultimately utilize a variant of the psm \`/u {user} /a {target} /c {connection\_type}\` executable. Once you have authenticated to PSM through AAM password-less or PVWA credentials, a connection to the target system is launched on PSM through the \`psm\` executable. This open connection is then streamed back to the Remote Desktop Manager client, PVWA HTML5 web interface, or an RDP client via the generated RDP file. The general distinction between the CyberArk types in Remote Desktop Manager is how a user authenticates to PSM and whether the integrated PVWA dashboard is used within Remote Desktop Manager to open a connection rather than directly launching the connection. ### Credentials These credentials are often linked directly to a connection to facilitate seamless connections to a target system through CyberArk PSM. ***CyberArk AAM***: Links a user's locally stored private certificate (key) in the user certificate store and the CyberArk CCP REST API service. The certificate thumbprint, linked to an Application (defined in PVWA) that identifies an Remote Desktop Manager client (optionally restricted to specific IP addresses), retrieves the requested credentials from the Digital Vault, optionally managed by the CPM. ***CyberArk PVWA***: Similar to AAM, but supporting non-AAM authentication methods such as CyberArk (internal authentication), LDAP, Windows (Kerberos integrated authentication), Radius, and SAML (SSO). ### Connections ***CyberArk Dashboard***: Provide Remote Desktop Manager users with an alternate interface to PVWA. View a list of Digital Vault Safes and Accounts the currently logged-on user can access. Connect to target systems through the following methods: * Traditional PSM Connection * Bypassing PSM via the ***Allow connect to host*** option under ***Advanced*** – ***General***. Not recommended. ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB6114.png) PSM Alternate Shell (also internally known as the Ad-Hoc connection method, different from the Ad-Hoc connection in PVWA). Requires a pre-existing CyberArk PSM Server to be configured. ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB6116.png) * ***CyberArk PSM Connection*** – Intended to connect to a specific host using a privileged account and a PSM server connection, leveraging the PSM Alternate Shell connection method. * ***CyberArk PSM Server*** – Used with the PSM Connection (and PSM Alternate Shell option of the CyberArk Dashboard connection) to define a PSM server for connecting to a given host. ### Authentication Modes and Authentication Credentials The CyberArk PVWA credential, CyberArk Dashboard connection, and CyberArk PSM Connection all offer several authentication methods. These authentication methods are to ***authenticate to PVWA*** (i.e., if you navigated to the web interface and chose the authentication method), not the target endpoint. Below is how the authentication modes map to the authentication credentials. ### CyberArk Dashboard (Connection) {% hint style="info" %} The ***My Account Settings PVWA*** option is the setting located in ***File*** – ***My Account Settings*** – ***CyberArk PVWA***. ***AAM (user vault search)*** is to find a stored AAM entry within an advanced workspace user vault. {% endhint %} * ***CyberArk***: Custom, My Account Settings PVWA, AAM (Linked), AAM (user vault search) * ***LDAP***: Custom, My Account Settings PVWA, AAM (Linked), AAM (user vault search) * ***Radius***: Custom, My Account Settings PVWA, AAM (Linked), AAM (user vault search) * ***Windows***: Custom, My Account Settings PVWA, AAM (Linked), AAM (user vault search) * ***SAML:*** None * ***PKI:*** None * ***PKIPN:*** None ### CyberArk PVWA (Credential) {% hint style="info" %} The AAM option offers a drop-down to choose an existing credential. {% endhint %} * ***CyberArk***: Custom, AAM * ***LDAP***: Custom, AAM * ***Radius***: Custom, AAM * ***Windows***: Custom, AAM * ***SAML***: None * ***PKI:*** None * ***PKIPN:*** None ### CyberArk PSM Server (Connection) {% hint style="info" %} The AAM option offers a drop-down to choose an existing credential. {% endhint %} * ***AAM***: Linked Credential * ***Custom***: Username and Password ### See also * [Devolutions Blog - Spotlight on: RDM CyberArk PVWA credential entry for PSM connection](https://blog.devolutions.net/2025/05/spotlight-on-rdm-cyberark-pvwa-credential-entry-for-psm-connection/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/cyberark-entry-types.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.